There should be one (or more possibly) rules for checking that a signature has a time stamp countersigner.
The time stamp digest algorithm should be SHA1 if the digest algorithm of the signature is SHA1.
Time time stamp digest algorithm should be SHA2 if the digest algorithm of the signature is SHA2. Unsure if it's reasonable to say "time stamp digest algorithm == signature file digest algorithm".
There should be one (or more possibly) rules for checking that a signature has a time stamp countersigner.